Ballot Fraud? Here's What To Do

Washington state’s online voter registration system is vulnerable to hackers, according to The New York Times.

The newspaper said it took less than three minutes to get the information it needed to access the registrations of some unnamed executives.

Computer security experts and voting rights activists argue that a hacker could use that information to, say, change a person’s address online to ensure that the voter never receives a ballot in Washington, where voting is now done entirely by mail.

And…

The real concern, critics say, is that large numbers of voters from one political party, or demographic, could have their information changed by automated computer programs. A program that could change tens of thousands of voter records at once, they say, would require only a dozen lines of code.

Washington state officials argue that the state’s online registration system is more secure than the old paperwork system.

Steve Excell, assistant secretary of state, told KUOW’s The Conversation that the state’s system has had a good track record. “Washington state has offered the ability to register to vote online or to change your address for almost five years now. And we’ve had 500,000 transactions, and not one case of abuse or fraud,” he said.

Still, Excell said his office is continually making security improvements. The state currently uses "captchas" to guard against hacking. Captchas are puzzles that display distorted letters and numbers and are difficult for machines to decipher. They’re also difficult for people with dyslexia or those with sight problems. State officials say they’re experimenting with newer versions, including those with audio components.

Here’s what Patty Murphy, voting systems specialist with the Secretary of State, says will happen.

The county will correct your address to your old address and get you a new ballot. Then, county officials will forward the information to law enforcement and report it to the state. The state would seek to identify the exact date/time that the address update was put through and check logs for suspicious behavior to see if it is a widespread issue.